Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()
Vulnerability Description
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the `unserialize()` function in `locutus/php/var/unserialize` assigns deserialized keys to plain objects via bracket notation without filtering the `__proto__` key. When a PHP serialized payload contains `__proto__` as an array or object key, JavaScript's `__proto__` setter is invoked, replacing the deserialized object's prototype with attacker-controlled content. This enables property injection, for...in propagation of injected properties, and denial of service via built-in method override. This is distinct from the previously reported prototype pollution in `parse_str` (GHSA-f98m-q3hr-p5wq, GHSA-rxrv-835q-v5mh) — `unserialize` is a different function with no mitigation applied. Version 3.0.25 patches the issue.
CVSS Information
N/A
Vulnerability Type
CWE-1321
Vulnerability Title
Locutus 安全漏洞
Vulnerability Description
Locutus是Locutus开源的一个JavaScript代码库。 Locutus 3.0.25之前版本存在安全漏洞,该漏洞源于unserialize函数未过滤__proto__键,可能导致原型污染、属性注入和拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A